Ask HN: How would you design an enterprise (B2B) user permissioning system?

2 points by yuningalexliu ↗ HN
It seems that most enterprise applications I've worked with have very different approaches, and I'm wondering if there are best practice/time-tested architectures or resources. Thank you!

2 comments

[ 2.8 ms ] story [ 15.9 ms ] thread
Something to do with Posgres row-level-security as an ACL would be amazing. Otherwise Identity Server is a good foto for in house, and AWS AMI for serverless.
Authentication or authorization? If it's the latter, I'd model it on what AD/LDAP do: folders/OUs for hierarchy, groups for crossing hierarchy boundaries, then users and securables as objects in the directory. Then on top of that, be able to assign permissions such that node (OU/group/user) -> can-do-action -> other node. Then child nodes inherit permissions as well. We're using something similar in a system I worked on and sys admins and end users are pretty comfortable with it since it used the same paradigms they're used to. You can also use the same thing for multi-tenancy by just creating OUs for tenants.

For authentication, whatever supports ADFS, SAML and/or OIDC. It's a big plus when they can use existing credentials or SSO into your system from theirs.